#!/usr/bin/env python2
## -*- coding: utf-8 -*-

import sys
import array
import time

from triton import *
from abf.abstract import *

START_POINT = 0x400A2B # main
END_POINT   = 0x400A64


def emulate(pc):
    while pc:
        # Get back the good opcodes
        opcodes = array.array('B', getMemoryAreaValue(pc, 20)).tostring()

        # Create the Triton instruction
        instruction = Instruction()
        instruction.setOpcodes(opcodes)
        instruction.setAddress(pc)

        # Process
        processing(instruction)

        print instruction

        # Check the end point or if triton doesn't supports this instruction
        if pc == END_POINT or not len(instruction.getSymbolicExpressions()):
            break

        # Next!
        pc = buildSymbolicRegister(REG.RIP).evaluate()
    return


if __name__ == '__main__':

    # Set the architecture
    setArchitecture(ARCH.X86_64)

    # Define that we perform emulation
    enableSymbolicEmulation(True)

    # Symbolic optimization
    enableSymbolicOptimization(OPTIMIZATION.ALIGNED_MEMORY, True)

    # Load the binary
    print '[+] Load binary'
    binary = Abstract('./crackme_hash').getBinary()

    # Map the executable sections
    print '[+] Map the exec sections'
    for sec in binary.getExecSections():
        vaddr = sec['vaddr']
        count = 0
        for byte in sec['opcodes']:
            setLastMemoryValue(vaddr+count, byte)
            count += 1

    # Map the data sections
    print '[+] Map the data sections'
    for sec in binary.getDataSections():
        vaddr = sec['vaddr']
        count = 0
        for byte in sec['data']:
            setLastMemoryValue(vaddr+count, byte)
            count += 1

    # Define our input context
    # content of argv[1]
    setLastMemoryValue(0x10000000, ord('e'))
    setLastMemoryValue(0x10000001, ord('l'))
    setLastMemoryValue(0x10000002, ord('i'))
    setLastMemoryValue(0x10000003, ord('t'))
    setLastMemoryValue(0x10000004, ord('e'))
    # 0x20000000 = argv0
    # 0x20000008 = argv1 -> 0x10000000 -> 'elite'
    setLastMemoryValue(0x20000008, 0x00)
    setLastMemoryValue(0x20000009, 0x00)
    setLastMemoryValue(0x2000000a, 0x00)
    setLastMemoryValue(0x2000000b, 0x10)
    setLastMemoryValue(0x2000000c, 0x00)
    setLastMemoryValue(0x2000000d, 0x00)
    setLastMemoryValue(0x2000000e, 0x00)
    setLastMemoryValue(0x2000000f, 0x00)

    # RDI = argc
    # RSI = *argv[]
    setLastRegisterValue(Register(REG.RDI, 0x2))
    setLastRegisterValue(Register(REG.RSI, 0x20000000))

    # Setup stack
    setLastRegisterValue(Register(REG.RSP, 0x7fffffff))
    setLastRegisterValue(Register(REG.RBP, 0x7fffffff))

    print '[+] Start emulation'
    emulate(START_POINT)

    sys.exit(0)